Oops, They Did it Again! New Vulnerability Discovered in Just-Patched Java

Did you update your Java Plug-in to Update 7 after the critical vulnerability was discovered last week? You’d better wait!

Adam Gowdiak, CEO of Security Exploration, the Polish startup that discovered the Java SE 7 vulnerabilities (immediately exploited by cyber criminals), has discovered a new flaw that affects the patched version of Java released this Thursday. That patch was released outside the consolidated Oracle update cycle, which foresees three updates per year: an uncommon event for the company, which demonstrates the seriousness of the security hole.

Unluckily, history is repeating itself: Adam Gowdiak has told The Register that the just-released Java SE 7 Update 7 contains a flaw that could allow an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.

Thanks for your kind words. For the chronicle, no one is paying me for blogging. I only think that a vulnerability, sorry, two vulnerabilities, unpatched since April 2012 are quite curious. Don’t you think so?
